Forum Discussion

mickyc1982's avatar
mickyc1982
Copper Contributor
Jul 22, 2021

AADSTS75011 Error on Edge (Azure AD Joined machines)

I have just setup SSO for a new enterprise application.

On AzureAD joined machines, it works in Chrome and Edge InPrivate mode. In normal edge, we get the following error:

 

AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'.

 

I have read about adding the following to SAML request but this is not possible with the vendor currently:

'authnContextClassRef' : false

 

This only affects AzureAD joined machines on Edge. When I test from a Hybrid joined machine there is no such issue.

 

Is there any way to resolve this from the Azure side?

  • Born_Slippy's avatar
    Born_Slippy
    Copper Contributor

    mickyc1982 

    We just ran into this exact same issue today with an application sending the optional/unnecessary RequestedAuthnContext info in the SAML request.  But, also narrowed down to only Edge/AAD joined affected.  Also, seems to correlate to Primary Refresh Token (PRT) with MFA/Windows Hello being used.

     

    Did you manage to find any solution that wasn't reliant on the software vendor?

    • mickyc1982's avatar
      mickyc1982
      Copper Contributor

      Born_Slippy in the settings for the 3rd party application I had to disable AuthnContext altogether. Once this was unchecked this resolved the issue for us

  • mickyc1982 

     

    I've seen this specifically with users that log into their computers with PIN or Face ID.  Users that login their PC's with traditional password don't seem to run into this issue.  The fact that users running other browsers aren't having these issues (just Edge) would seem to imply there should be something in the browser that could be adjusted to solve this issue.  

Resources